The 20 Biggest All Time Hacking Attacks

Hacking has a colorful history, whether with serious consequences or for lulz. Join us as we investigate the top 20 of Internet-changing cyberattacks. Share

There is little doubt that as we know it, the internet has changed the modern world in a positive way. From the ability to access information from anywhere we want instant global interaction, the worldwide web has helped shape a more connected world where ideas flow freely. But like the universe George Lucas envisioned in Star Wars, the forces of good generated by the internet also have a dark side. The web’s freedom and opportunity is constantly exploited by criminals gangsters and terrorists operating in the dark web making online security and cybercrime one of the 21st century’s biggest social concerns. Hacking occupies a prominent position in the cybercrime pantheon. Occupying a shadowy virtual underworld of government spies political activists delinquent teenagers and mercenaries crooks the ability to break into corrupt penetrate take over or kill computer networks from afar is often romanticized as much as vilified in the public imagination. Hackers ‘ work makes international headlines with a grudging admiration for their enigmatic abilities and is the subject of film television dramas and books.

Despite the sometimes romantic depiction hacking poses a real threat. From identity theft to breaking down large companies ‘ IT systems stealing credit card details to jeopardizing state security hacking can and does cause huge amounts of chaos with huge financial implications. Here’s a timeline of the 20 biggest hacking attacks yet seen how they were executed and their impact.



Before the internet even early hackers worked out a technique called Phonemasters updated this technique by stealing international calling card codes online and selling them at $2 apiece.

Realizing the scope to increase their profits the gang went on to hack steal and sell everything from personal credit reports to FBI crime records even at one point. Its activities are reported to have risen by about $1.85 million before three of the group was finally captured and incarcerated in a FBI computer tap sting five years later.


Citibank / Vladimir Levin

Demonstrating the global reach of cybercrime even when the worldwide internet was still in its infancy Russian software engineer Vladimir Levin was imprisoned for three years in Levin Most of the stolen cash was recovered, but the case represented an early shot across the bows alert of the vulnerabilities in electronic banking transactions.


Melissa Virus

Most of us are now aware of the threat of so-called phishing attacks using SPAM email to propagate viruses. But the world was blissfully ignorant of this possibility in 1999, which made Melissa’s spread even more devastating. An American programmer’s work named David L. Smith the Melissa Virus was brought in an email attached to a Word document. When the attachment was opened, the virus would not only infect the host system, it would automatically send the email to the first 50 people in the address book of the victim. The result was a virus that spread so quickly that some email providers had to suspend services until a fix was found.

MafiaBoy was the online name of Quebec’s precocious teenage hacker Michael Calce. An estimated $1.2 billion has been raised by the archetypal insecure boy genius who used his machine as his refuge from the world in February 2000. Since serving just 8 months imprisonment for the crime because he was still a minor Calce would later claim that he had no idea what the effect of the assault would actually have email addresses put into a security system that he downloaded out of curiosity.


Delta Airlines / Sven Jaschan

Another in the category of lone wolf adolescent wreaking havoc from his own home. Aged 18 and staying with Jaschan’s family, his highest profile target was Delta, who was forced to cancel multiple transatlantic flights in loss of $500 million. Jaschan was eventually caught through a tip-off after Microsoft put a $250,000 reward on the Sasser author’s head.


Operation Get Rich

Over a three-year period, many big name retailers in the US were targeted in a series of major hacks aimed at stealing customer credit and debit card data in order to sell them for gain. All these attacks were the result of Alberto Gonzalez and his crew who used SQL injections to exploit weaknesses in unsecured WiFi.

Considered one of the biggest cases of identity theft in history, Gonzalez is estimated to have stolen $250 million worth of damages each. Gonzalez was finally caught and jailed for 20 years.


Operation Shady RAT

Operation Shady RAT

In addition to hacking for financial gain, the digital surveillance environment is attracting the most coverage in the mainstream news. But it is often quite difficult to get the true stories behind this hacking product, considering the presence of national governments and the diplomatic / intelligence sensitivities they bring. Operation Shady RAT is the name given to a series of attacks in 14 different countries involving a number of organizations. The finger of blame was pointed at China primarily on the grounds that in the run up to the 2008 Olympic Games the IOC and World Anti-Doping Agency were hacked. But no one can be certain and everyone really knows that the attacks used the same Remote Access method to gain control over the computers of victims and that the information stolen is unlikely to be for financial reasons.



A classic example of stealing two million credit card numbers used to make $86 million transactions. He was also accused of operating an electronic forum called the popular Carders Market where online contraband could be bought and sold.

Estonia DDoS

To date, there have not been too many times when digital piracy has exploded into open cyber warfare, but that is a fair description of what happened in April and May 2007 in Estonia. Over a span of three weeks, Russia found out that the two countries were embroiled in a diplomatic row over the relocation of a Soviet war memorial from Tallinn, the capital of the Baltic state. Yet as is so often the case, no concrete proof has ever been found in these events.



The Conficker virus is one of the most popular and unusual pieces of malware ever discovered. Botnet which possibly housed about 9 million devices worldwide at its height. Normally hackers use botnets to conduct DDoS attacks to steal data and give individual nodes remote access. But what made Conficker so enigmatic was while being a sleeping giant able to wreak untold havoc on the internet it was never used to doing anything yet spreading itself. Maybe it was only a show of what was possible in the end.



There are a range of documented cases of malware being used by governments to achieve specific military goals. One was the allegedly destruction of 1000 nuclear centrifuges in Iran – wiping out one-fifth of the nuclear capabilities of the world. While no one has ever accepted responsibility, it doesn’t take much imagination to understand why the virus ‘ roots have been related to the US and Israel.



The world’s largest email marketing agency, Epsilon, was turned into a black year for hacking attacks on major corporations in March 2011. Epsilon runs global promotions with over 2000 companies including the likes of Marks & Spencer and JP Morgan Chase managing about 40 billion emails each year. Having apparently overlooked the threat of previous attacks, Epsilon finally fell victim to $225 m to $4bn.

Playstation Network

In April 2011, representatives of the personal identifiable information of 77 million user accounts.

In the end, Sony had to admit that it had a serious problem and had to shut the network at an e for 20 days. They are bits of code attached to a website URL and are created to ensure validity by third party providers. Comodo is one of those companies. Nonetheless, a hacker infiltrated the Comodo network in 2011 and was able to generate fake certificates for email providers such as Yahoo Google Gmail and Microsoft Hotmail. Using these keys, he might trick users into believing that they were on the legitimate email network when they sent emails directly to him instead. A lone wolf hacker from Iran claimed responsibility, but the attack was one of the greatest infringements on online communications security.


Rounding off the major cyber attacks that made headlines in 2011, the attack on financial services company CitiGroup was noteworthy for the accounts of over 200,000 people stealing addresses and account numbers. This attack demonstrated how most attacks result from vulnerabilities in the online infrastructure, widely considered a catastrophic failure in basic security.


Saudi Aramco

Because of the commercial sensitivities involved, it is well known that many major hacking attacks go unreported as large corporations close the lid on facts coming out to protect their reputation. One example of this is a massive attack on oil company Saudi Aramco in 2012 that went completely unreported until several years later information began to leak out. Apparently launched through a phishing or spear phishing attack, it gave unidentified hackers complete access to the company’s IT systems that wreak havoc on an enterprise that controls 10% of the world’s oil supply. With an entire network fully frozen, the business had to resort to running its vast global distribution by hand while an insane scramble saw company reps sent to East Asia to purchase 50,000 new servers – pushing up database prices worldwide.



The history of cybercrime is full of examples of industrial vandalism, although most other cases on this list include angry or r The case of the Spamhaus is a bit different. Spamhaus is one of the world’s unjustified Cyberbunker censorships retaliated by a huge DDoS attack – so large it didn’t just stop Spamhaus operations it slowed down internet connections across Europe.

Global Bank Spear Phishing

Spear phishing attacks plant malware on a network using spam email in the same manner as a regular phishing attack. The difference is that spear phishing attacks go much longer to make their email look genuine and innocuous by imitating accepted trusted s. Starting in 2013, a series of spear phishing attacks targeting some of the world’s largest banks and financial institutions were impersonating bank staff to transfer funds sat in IT systems for months to end the sending of sensitive data to criminals and was so sophisticated that it even allowed the gang to watch what was happening in bank offices through webcams. After an investigation, it was found that hackers broke into the Mt Gox customer database stealing 60,000 people’s usernames and passwords and using them to steal currency into the system.

Bangladesh Bank Heist

What would have been the single biggest case of bank robbery in online history or was ultimately brought down in the most boring ways – related to other attacks on banks across Asia.



In recent years, the popularity of so-called ransomware has increased considerably. Mainly spread via phishing attacks ransomware will typically freeze or take control of a device while the attackers demand money to restore it back to normal.

Though, the May 2017 WannaCry attack was different. It was the first known example of requiring $300 per device to decrypt the code.



Many major social media sites may be compromised. Facebook was infringed on September 27th when hackers exploited three vulnerabilities that compromised at least 50 million user data. Although Facebook did not take private messages or credit cards, it made a statement that the hackers stole personal information from your profile page, such as your name and home town. It turns out that the bugs were first implemented back in July which allowed hackers to obtain access tokens (the ability to log in without a password) to many accounts, but it wasn’t discovered until September by Facebook. Although users are uncertain whether hackers have gained access to Facebook-linked accounts such as Instagram, it’s really unclear why the hackers wanted to exploit such vulnerabilities instead of revealing them for a bug bounty payment.


From mischievous talented youth to organized criminal syndicates to make a fortune over the past two decades, hacking has caused a huge amount of hacking. And while the largest attacks eventually attract all the publicity, they are the iceberg’s tip. Hacking and cybercrime are now our world’s regular realities, producing a black market industry worth a billion dollars. So is there any way from the hackers to stay safe? It is very complicated because of the highly sophisticated and ever-evolving complexity of their methods. The online security industry has grown equally large and equally complex in response to the cybercrime threat and will have to continue to grow and adapt. For ordinary users, the message is keep up-to-date with your system to make sure that your firewalls and anti-virus are fit for purpose and watch out for spam emails and be alert about anything that might happen with your computer.

You might also like:

Was this helpful? Share it with you!


9 About the author’

Ariel Hochstadt

Ex-Google Global Tech SpeakerAriel Hochstadt Former Gmail Marketing Manager for Google internationally and now an internet entrepreneur. Ariel is a successful international speaker and author of three computer and internet books that have been published. He is vpnMentor’s co-founder and online privacy advocate.


Was this article helpful? 00Sorry about that! (Minimum of 10 characters.)

Thank you and …. A last application


Leave a Reply

Your email address will not be published. Required fields are marked *